I’m using grafana 7.0.3. I want to detect if there are errors in Elasticsearch log, and include fields from Elasticsearch error documents to the alert notification message.
I’ve tried different syntaxes, like $status, {{status}} [[status]], but none worked, they are not substituted in the email message.
How can I add these fields correctly?
@borisova I’m not sure if this feature existed in 7.0.3. The first mention of adding label data to alert notification templates appeared in our docs in 7.2:
Hey @melori.arellano.
I’m using Grafana v8.5.2.
I’m trying to create log based alert from elasticsearch datasource in Grafana. My type of data:
{
message: "client was evicted",
hostname: "node0001"
}
I use the following simple query: message: "client was evicted" (A), Metric type count by @timestamp. My expression is if A count is above (0.5).
Trying to add the hostname to the alert notification / tag but sadly I can’t do it. I tried to add {{ $values.A.hostname }} to Summary & to labels but it doesn’t work.
I would appreciate your help.
Any solution on how to add fields (or metrics from query) from Elasticsearch data source to Grafana alert message?
Also looking for a solution.
My goal is to enrich the Alert Message with additional data from elasticsearch datasource, which is NOT part of the alert condition.
My approach would be to use a custom label with an elastic query behind. Hence a dynamic label is born.
Unfortunately this won’t work 
Any hints?
Also looking for a solution.
I’d like to use the ‘message’ field from elasticsearch as part of the alert body.
Is that possible?
I’m interested in this as well, for example, I have a following query:
application:my_application_1 AND metric:worker.*.job AND dc:california
Which would return me several metrics because of *, in my case, value of neither should be higher than <threshold>. How can I access metric name as a variable to send in alert message, if the condition is met? Trying to make an alert for each metric separately is not an option, because they’re representing application processes and created/removed dynamically.
Documentation doesn’t seem to help me much here, and I suspect that it’s primarily Prometheus-oriented, because I couldn’t achieve my goal with Graphite as data source as well.
@melori.arellano Maybe you could suggest where to look, thanks.
Did this work? How can we add elastic field in the email body?